review-reply

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly fetches and ingests user-generated GitHub review and issue comments (see Step 1: gh api repos/{owner}/{repo}/pulls/{number}/comments and issues/{number}/comments) and then analyzes and acts on those reviewer suggestions (Steps 2–5), so untrusted third-party content can directly influence the agent's decisions and tool actions.